package x509

import (
    "os"
    "sync"
    "bytes"
    "errors"
    "runtime"
    "io/ioutil"
    "crypto/x509"
    "crypto/sha256"
    "encoding/pem"
)

// Possible certificate files; stop after finding one.
var certFiles = []string{
    "/etc/ssl/certs/ca-certificates.crt",                // Debian/Ubuntu/Gentoo etc.
    "/etc/pki/tls/certs/ca-bundle.crt",                  // Fedora/RHEL 6
    "/etc/ssl/ca-bundle.pem",                            // OpenSUSE
    "/etc/pki/tls/cacert.pem",                           // OpenELEC
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem", // CentOS/RHEL 7
}

// Possible directories with certificate files; stop after successfully
// reading at least one file from a directory.
var certDirectories = []string{
    "/etc/ssl/certs",               // SLES10/SLES11, https://golang.org/issue/12139
    "/system/etc/security/cacerts", // Android
}

var (
    once           sync.Once
    systemRoots    *CertPool
    systemRootsErr error
)

func systemRootsPool() *CertPool {
    once.Do(initSystemRoots)
    return systemRoots
}

func initSystemRoots() {
    systemRoots, systemRootsErr = loadSystemRoots()
}

func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
    return nil, nil
}

func loadSystemRoots() (*CertPool, error) {
    roots := NewCertPool()
    var firstErr error
    for _, file := range certFiles {
        data, err := ioutil.ReadFile(file)
        if err == nil {
            roots.AppendCertsFromPEM(data)
            return roots, nil
        }
        if firstErr == nil && !os.IsNotExist(err) {
            firstErr = err
        }
    }

    for _, directory := range certDirectories {
        fis, err := ioutil.ReadDir(directory)
        if err != nil {
            if firstErr == nil && !os.IsNotExist(err) {
                firstErr = err
            }
            continue
        }
        rootsAdded := false
        for _, fi := range fis {
            data, err := ioutil.ReadFile(directory + "/" + fi.Name())
            if err == nil && roots.AppendCertsFromPEM(data) {
                rootsAdded = true
            }
        }
        if rootsAdded {
            return roots, nil
        }
    }

    return nil, firstErr
}

// SystemCertPool returns a copy of the system cert pool.
//
// Any mutations to the returned pool are not written to disk and do
// not affect any other pool.
func SysCertPool() (*x509.CertPool, error) {
    return x509.SystemCertPool()
}

// SystemCertPool returns a copy of the system cert pool.
//
// Any mutations to the returned pool are not written to disk and do
// not affect any other pool.
func SystemCertPool() (*CertPool, error) {
    if runtime.GOOS == "windows" {
        return nil, errors.New("crypto/x509: system root pool is not available on Windows")
    }

    return systemRootsPool().Clone(), systemRootsErr
}

type sum224 [sha256.Size224]byte

// CertPool is a set of certificates.
type CertPool struct {
    byName map[string][]int // cert.RawSubject => index into lazyCerts

    // lazyCerts contains funcs that return a certificate,
    // lazily parsing/decompressing it as needed.
    lazyCerts []lazyCert

    // haveSum maps from sum224(cert.Raw) to true. It's used only
    // for AddCert duplicate detection, to avoid CertPool.contains
    // calls in the AddCert path (because the contains method can
    // call getCert and otherwise negate savings from lazy getCert
    // funcs).
    haveSum map[sum224]bool

    // systemPool indicates whether this is a special pool derived from the
    // system roots. If it includes additional roots, it requires doing two
    // verifications, one using the roots provided by the caller, and one using
    // the system platform verifier.
    systemPool bool
}

// lazyCert is minimal metadata about a Cert and a func to retrieve it
// in its normal expanded *Certificate form.
type lazyCert struct {
    // rawSubject is the Certificate.RawSubject value.
    // It's the same as the CertPool.byName key, but in []byte
    // form to make CertPool.Subjects (as used by crypto/tls) do
    // fewer allocations.
    rawSubject []byte

    // constraint is a function to run against a chain when it is a candidate to
    // be added to the chain. This allows adding arbitrary constraints that are
    // not specified in the certificate itself.
    constraint func([]*Certificate) error

    // getCert returns the certificate.
    //
    // It is not meant to do network operations or anything else
    // where a failure is likely; the func is meant to lazily
    // parse/decompress data that is already known to be good. The
    // error in the signature primarily is meant for use in the
    // case where a cert file existed on local disk when the program
    // started up is deleted later before it's read.
    getCert func() (*Certificate, error)
}

// NewCertPool returns a new, empty CertPool.
func NewCertPool() *CertPool {
    return &CertPool{
        byName:  make(map[string][]int),
        haveSum: make(map[sum224]bool),
    }
}

// len returns the number of certs in the set.
// A nil set is a valid empty set.
func (s *CertPool) len() int {
    if s == nil {
        return 0
    }

    return len(s.lazyCerts)
}

// cert returns cert index n in s.
func (s *CertPool) cert(n int) (*Certificate, func([]*Certificate) error, error) {
    cert, err := s.lazyCerts[n].getCert()
    return cert, s.lazyCerts[n].constraint, err
}

// Clone returns a copy of s.
func (s *CertPool) Clone() *CertPool {
    p := &CertPool{
        byName:     make(map[string][]int, len(s.byName)),
        lazyCerts:  make([]lazyCert, len(s.lazyCerts)),
        haveSum:    make(map[sum224]bool, len(s.haveSum)),
        systemPool: s.systemPool,
    }

    for k, v := range s.byName {
        indexes := make([]int, len(v))
        copy(indexes, v)
        p.byName[k] = indexes
    }

    for k := range s.haveSum {
        p.haveSum[k] = true
    }

    copy(p.lazyCerts, s.lazyCerts)
    return p
}

type potentialParent struct {
    cert       *Certificate
    constraint func([]*Certificate) error
}

// findPotentialParents returns the certificates in s which might have signed
// cert.
func (s *CertPool) findPotentialParents(cert *Certificate) []potentialParent {
    if s == nil {
        return nil
    }

    // consider all candidates where cert.Issuer matches cert.Subject.
    // when picking possible candidates the list is built in the order
    // of match plausibility as to save cycles in buildChains:
    //   AKID and SKID match
    //   AKID present, SKID missing / AKID missing, SKID present
    //   AKID and SKID don't match
    var matchingKeyID, oneKeyID, mismatchKeyID []potentialParent
    for _, c := range s.byName[string(cert.RawIssuer)] {
        candidate, constraint, err := s.cert(c)
        if err != nil {
            continue
        }

        kidMatch := bytes.Equal(candidate.SubjectKeyId, cert.AuthorityKeyId)
        switch {
            case kidMatch:
                matchingKeyID = append(matchingKeyID, potentialParent{candidate, constraint})
            case (len(candidate.SubjectKeyId) == 0 && len(cert.AuthorityKeyId) > 0) ||
                (len(candidate.SubjectKeyId) > 0 && len(cert.AuthorityKeyId) == 0):
                oneKeyID = append(oneKeyID, potentialParent{candidate, constraint})
            default:
                mismatchKeyID = append(mismatchKeyID, potentialParent{candidate, constraint})
        }
    }

    found := len(matchingKeyID) + len(oneKeyID) + len(mismatchKeyID)
    if found == 0 {
        return nil
    }

    candidates := make([]potentialParent, 0, found)
    candidates = append(candidates, matchingKeyID...)
    candidates = append(candidates, oneKeyID...)
    candidates = append(candidates, mismatchKeyID...)
    return candidates
}

func (s *CertPool) contains(cert *Certificate) bool {
    if s == nil {
        return false
    }

    return s.haveSum[sha256.Sum224(cert.Raw)]
}

// AddCert adds a certificate to a pool.
func (s *CertPool) AddCert(cert *Certificate) {
    if cert == nil {
        panic("adding nil Certificate to CertPool")
    }

    s.addCertFunc(sha256.Sum224(cert.Raw), string(cert.RawSubject), func() (*Certificate, error) {
        return cert, nil
    }, nil)
}

// addCertFunc adds metadata about a certificate to a pool, along with
// a func to fetch that certificate later when needed.
//
// The rawSubject is Certificate.RawSubject and must be non-empty.
// The getCert func may be called 0 or more times.
func (s *CertPool) addCertFunc(rawSum224 sum224, rawSubject string, getCert func() (*Certificate, error), constraint func([]*Certificate) error) {
    if getCert == nil {
        panic("getCert can't be nil")
    }

    // Check that the certificate isn't being added twice.
    if s.haveSum[rawSum224] {
        return
    }

    s.haveSum[rawSum224] = true
    s.lazyCerts = append(s.lazyCerts, lazyCert{
        rawSubject: []byte(rawSubject),
        getCert:    getCert,
        constraint: constraint,
    })
    s.byName[rawSubject] = append(s.byName[rawSubject], len(s.lazyCerts)-1)
}

// AppendCertsFromPEM attempts to parse a series of PEM encoded certificates.
// It appends any certificates found to s and reports whether any certificates
// were successfully parsed.
//
// On many Linux systems, /etc/ssl/cert.pem will contain the system wide set
// of root CAs in a format suitable for this function.
func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) {
    for len(pemCerts) > 0 {
        var block *pem.Block
        block, pemCerts = pem.Decode(pemCerts)
        if block == nil {
            break
        }

        if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
            continue
        }

        certBytes := block.Bytes
        cert, err := ParseCertificate(certBytes)
        if err != nil {
            continue
        }

        var lazyCert struct {
            sync.Once
            v *Certificate
        }

        s.addCertFunc(sha256.Sum224(cert.Raw), string(cert.RawSubject), func() (*Certificate, error) {
            lazyCert.Do(func() {
                // This can't fail, as the same bytes already parsed above.
                lazyCert.v, _ = ParseCertificate(certBytes)
                certBytes = nil
            })
            return lazyCert.v, nil
        }, nil)

        ok = true
    }

    return ok
}

// Subjects returns a list of the DER-encoded subjects of
// all of the certificates in the pool.
//
// Deprecated: if s was returned by [SystemCertPool], Subjects
// will not include the system roots.
func (s *CertPool) Subjects() [][]byte {
    res := make([][]byte, s.len())
    for i, lc := range s.lazyCerts {
        res[i] = lc.rawSubject
    }

    return res
}

// Equal reports whether s and other are equal.
func (s *CertPool) Equal(other *CertPool) bool {
    if s == nil || other == nil {
        return s == other
    }

    if s.systemPool != other.systemPool || len(s.haveSum) != len(other.haveSum) {
        return false
    }

    for h := range s.haveSum {
        if !other.haveSum[h] {
            return false
        }
    }

    return true
}

// AddCertWithConstraint adds a certificate to the pool with the additional
// constraint. When Certificate.Verify builds a chain which is rooted by cert,
// it will additionally pass the whole chain to constraint to determine its
// validity. If constraint returns a non-nil error, the chain will be discarded.
// constraint may be called concurrently from multiple goroutines.
func (s *CertPool) AddCertWithConstraint(cert *Certificate, constraint func([]*Certificate) error) {
    if cert == nil {
        panic("adding nil Certificate to CertPool")
    }

    s.addCertFunc(sha256.Sum224(cert.Raw), string(cert.RawSubject), func() (*Certificate, error) {
        return cert, nil
    }, constraint)
}
